how vulnerable is "hidden-encrypt-to"
jeandavid8 at verizon.net
Sat Aug 18 05:12:25 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hauke Laging wrote:
> Am Fr 17.08.2012, 21:05:32 schrieb auto15963931:
>> In the example
>> of yours it appears as though the message was encrypted to two different
>> keys, one of which was hidden and the other not. Is that right?
> That is right. --hidden-encrypt-to needs other recipients. But you may use
> ‑‑throw-keyids or --hidden-recipient instead.
>> Incidentally, when I looked at your reply and noticed it was signed, I
>> tried verifying the signature.
>> Why is the signature failing? Thanks.
> That's a bug in my MUA which is triggered by the email being encoded as ascii:
> This bug (or rather: problem) has been discovered here on the list – it occurs
> almost only in English emails. I have added a non-ASCII char to my text
> signature thus forcing a charset different from ascii. Thus the signature of
> this email should be OK.
OpenPGP Security Info
UNTRUSTED Good signature from Hauke Laging <mailinglisten at hauke-laging.de>
Key ID: 0x3A403251 / Signed on: 08/17/2012 10:24 PM
Key fingerprint: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key:3EDBB65E 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 23:10:01 up 30 days, 3:11, 3 users, load average: 4.42, 4.42, 4.43
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users